Hi there. Are there any antivirus apps for Linux, like there are for Windows? Or maybe Linux doesn't need any such apps? I just got puppy linux, but I am afraid to connect to the net without any security apps running. It does have a firewall of its own, though. Anything I need to download and run along with it?

You may inadvertently transmit Windows viruses through data files brought in from some Windows system, but in and of itself, Puppy doesn't need anti-viruses, etc. Any Linux is virus-proof, because its structure makes it very complicated to create a virus for it. You can theoretically create viruses for Linux, it's been done in computing labs. But the lab conditions do not exist in the real world.

If you're worried, always boot your Puppy from CD or DVD, and make a double of your pup-save file.

But as the previous poster said, there has never been any report of a virus on PuppyLinux.

Any computer program is insecure! You can always find a vulnerability, either in the program itself, a library it is linked against or even the kernel.

Linux isn't virus-proof either, because it's just another piece of software. One buffer overflow vulnerability that allows remote code execution and you're in the system as root - that's more than enough to install a rootkit. Also, Puppy uses an old kernel, traditionally - e.g. kernel 2.6.37.6 (as in 5.3.1) has many known vulnerabilities and exploits already exist. I'm pretty sure they even get executed by scanners on many computers around the world as I type these words ... maybe even yours!

"Lab conditions" is a lie - there's no difference between a pristine Puppy image and an installed Puppy - both share the same vulnerabilities, except those present in extra packages, of course.

Also, remember - virus scanners are not enough. They rely on viruses already discovered by data security companies - maybe you have a trojan no company ever found, installed on your "secure" Puppy for years.

The bottom line is simple: protect yourself as much as you can - get a restrictive firewall (e.g. an iptables-based one), be careful with stuff you install, always be aware of what you have on your system, install security updates and be responsible for your actions. If there's a very sensitive piece of data you don't want to be stolen from your digital systems - make a carbon copy; write it down and keep it in a safe.

Remember - software is always insecure and there's nothing you can do about this, because it means you'll have to change the human nature.
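The "restrictive iptables-based firewall" the post recommends, written out as an added example (it is not part of the post or of Puppy's own firewall wizard). It is a default-deny inbound policy for a single desktop: loopback, replies to connections the machine itself opened, and rate-limited ping are let in, everything else is dropped and logged; outbound traffic is left open, which is exactly why, as the post says, a firewall does not stop a browser exploit that is already running locally. The `state` match is used rather than `conntrack` so it also loads on the old 2.6 kernels mentioned above; the script name and the log prefix are this example's own choices.

```shell
#!/bin/sh
# Minimal default-deny desktop firewall in iptables-restore format.
#   sh fw.sh show    print the ruleset
#   sh fw.sh apply   load it (as root) with iptables-restore
# Added example; not Puppy's firewall script.

# Emit the ruleset. Inbound policy is DROP; only loopback, replies to our
# own connections and a trickle of ping get through. Outbound is ACCEPT.
gen_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
-A INPUT -m limit --limit 3/minute -j LOG --log-prefix "fw-drop: "
COMMIT
EOF
}

# Load the ruleset atomically; iptables-restore replaces the filter table
# in one step, so there is no window with a half-applied policy.
apply_rules() {
    gen_rules | iptables-restore
}

case "${1:-}" in
    show)  gen_rules ;;
    apply) apply_rules ;;
esac
```

There is deliberately no `--dport` rule: a browsing-only desktop offers no service to the network, so nothing needs to be opened. If you later add one, add it above the LOG rule and keep the INPUT policy at DROP.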

What's the advantage of Linux, then, from the standpoint of security? ...

Linux is less prone to viruses and exploits than Windows but the gap is beginning to narrow.

I created a post that has already been somewhat addressed, but I will post it anyway. It may be useful to some.
------------------------
Puppy is vulnerable to exploits; don’t kid yourself. Especially when you use a browser and email client that won’t update and you browse as root.

What can you do to improve the situation?
#1 Activate your firewall. Note, this will not prevent browser exploits.
#2 Change your root password.
#3 Use a browser and email client that can update themselves and keep them updated.
#4 Disable javascript and flashplayer in the browser. Only enable it as needed.
#5 Run your browser and email client as a limited user. Not spot.
#6 Install Avast! antivirus for Linux, use it and keep the virus defs current.

You are most vulnerable when browsing. I was recently exploited while using Puppy 5.1: a DOS executable was found in spot's Firefox cache by Avast. Yes, I have wine and jre installed. I learned my lesson; never accept an expired site certificate even for a trusted site! If you get a popup notice about that, don't touch the popup gui, just close the browser.

Linux may be less prone to exploits, but it is not immune to them, especially an OOTB Puppy.

A quick tutorial for new kids on the block.
How to add a limited user for browsing, named safebrowser, that uses Firefox.
From a console run:
# mkdir /home
# adduser -D safebrowser

Copy .fonts.cache, .fonts.conf, .gtkrc* from /root/ to /home/safebrowser/. If you want to use a copy of your bookmarks, preferences and other things copy /root/.mozilla to /home/safebrowser/. Notice that these are hidden files and directory.
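The steps above (mkdir /home, adduser -D, copying the dotfiles, then running the browser as that user) collected into one script. This is an added example, not code from the post. It assumes BusyBox adduser and su as shipped with Puppy, that X is running as root so the new user has to be admitted to the display with xhost, and that firefox is on the PATH; the account name, the allow-list of dotfiles and the xhost/su invocation are this example's own choices.

```shell
#!/bin/sh
# Create a limited browsing account and run the browser under it.
#   sh safebrowser.sh install   (once, as root)
#   sh safebrowser.sh run       (each session, as root)
# Added example; not from the forum post.
set -e

SAFE_USER="${SAFE_USER:-safebrowser}"
SAFE_HOME="/home/$SAFE_USER"
BROWSER="${BROWSER:-firefox}"

# Copy only the font/GTK settings and the browser profile from one home
# directory into another. An allow-list keeps root's other dotfiles
# (shell history, keys, other apps' saved passwords) out of the account
# that will be exposed to the web.
seed_home() {
    src="$1"
    dst="$2"
    mkdir -p "$dst"
    for f in "$src"/.fonts.cache "$src"/.fonts.conf "$src"/.gtkrc* "$src"/.mozilla; do
        if [ -e "$f" ]; then
            cp -a "$f" "$dst/"
        fi
    done
    chmod 700 "$dst"
}

# Create the account with BusyBox adduser. -D assigns no password, so the
# account can only be entered via su from root, never by logging in.
create_user() {
    mkdir -p /home
    if ! id "$SAFE_USER" >/dev/null 2>&1; then
        adduser -D -h "$SAFE_HOME" "$SAFE_USER"
    fi
    seed_home /root "$SAFE_HOME"
    chown -R "$SAFE_USER" "$SAFE_HOME"
}

# Run the browser as the limited user on root's X display. The X server
# belongs to root, so the user must be allowed to connect to it
# (assumption: xhost is available, as in a normal Puppy X setup).
run_browser() {
    xhost +SI:localuser:"$SAFE_USER" >/dev/null
    su "$SAFE_USER" -c "DISPLAY=${DISPLAY:-:0} HOME=$SAFE_HOME $BROWSER" &
}

case "${1:-}" in
    install) create_user ;;
    run)     run_browser ;;
esac
```

The point of the allow-list in seed_home is that `cp -a /root/. /home/safebrowser/` would hand the browsing account everything root has on disk, which defeats the purpose of the separate user.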

Joined: 18 May 2005 | Posts: 11132 | Location: The Peoples Republic of California

Posted: Fri 06 Apr 2012, 12:04

I don't use a firewall. I use the built in NAT technology in my existing router. The router uses an old version of Linux which is too dumb to be very hackable. (I think)

As for virus scanners, I don't think they have good enough signature files for finding every Linux badware, although they have signatures for lots of badware, mostly Windows badware.

If I were concerned enough about viruses and because I don't think existing Linux anti-virus scanners are good enough, I would defer to making md5sum databases of my key directories.

The utility I would use would be md5deep to make base files to check against. Then run md5sum periodically to see if any files have been added or modified. Looking for files which shouldn't have been added or modified.

Maybe there are scripts written for us to use. If not, scripts to make the task easy could be written.

I think the main problem is that Linux has not suffered enough external compromises or malware to cause enough developer enthusiasm to necessitate building really good and easy to use firewalls and scanners.

Sort of like saying we need some problems in order to make solutions. Maybe a better way of saying what I want to say is; necessity is the mother of invention.

Anyway, not having perfect solutions, here is some information for anyone interested about the feature set of the md5deep program.

Code:

md5deep version 3.6 by Jesse Kornblum.
$ md5deep [OPTION]... [FILE]...
See the man page or README.txt file for the full list of options
-p - piecewise mode. Files are broken into blocks for hashing
-r - recursive mode. All subdirectories are traversed
-e - compute estimated time remaining for each file
-s - silent mode. Suppress all error messages
-S - displays warnings on bad hashes only
-z - display file size before hash
-m <file> - enables matching mode. See README/man page
-x <file> - enables negative matching mode. See README/man page
-M and -X are the same as -m and -x but also print hashes of each file
-w - displays which known file generated a match
-n - displays known hashes that did not match any input files
-a and -A add a single hash to the positive or negative matching set
-b - prints only the bare name of files; all path information is omitted
-l - print relative paths for filenames
-k - print asterisk before filename
-t - print GMT timestamp
-i/I - only process files smaller than the given threshold
-o - only process certain types of files. See README/manpage
-v - display version number and exit

Apple is a bit like Linux: a Unix-like kernel with an overlay. Apple has had problems with exploits. Here is a text in Swedish, and most likely they have that knowledge either from PCWorld or from the IDG News Service and from Mac mags.

Linux is mostly protected by being the almost unknown OS among the majority of average Joe users. So it is financially more attractive to exploit Windows, being used by 90% of users. Here is another such report recently. Edit: the Swedes had taken it from the BBC.

Linux, being another variant of a Unix-like OS, should be as vulnerable. Consider how much money Apple can afford to invest in good security compared to Linux devs, who are mostly doing all programming in their free time.

So Linux is less targeted and that is fortunate for us.


Posted: Fri 06 Apr 2012, 12:31

Iguleder,

I want to add some things to your excellent post.

Of course as we all know a CD disc can't be modified by a hacker.

Also, the mounted SFS included with our Puppy can't be modified remotely with any ease at all, even if it is copied to writeable media such as a hard disk or USB stick.

Modified or added files will be found in /initrd/pup_rw subdirectories, (at least in my version and I hope in all versions)

I think knowing where to look makes the task of monitoring one's system easier. It is for example, much easier to peruse /initrd/pup_rw/usr/bin because it contains only changes than it is to peruse /usr/bin because that directory displays the changes as well as the unchanged.
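The md5deep baseline idea from the earlier post, narrowed to the advice just given: hash only the writeable layer (/initrd/pup_rw), since the mounted SFS does not change and everything added or altered lands there. This is an added example, not a script from either post or from Puppy. It uses sha256sum instead of md5sum (both BusyBox and coreutils ship it, and it is not a broken hash), and the default paths, the report format and the use of awk for the comparison are this example's own choices. It will mis-handle file names containing newlines.

```shell
#!/bin/sh
# Integrity baseline for a directory tree, by default Puppy's writeable
# layer /initrd/pup_rw.
#   sh baseline.sh init  [DIR] [BASELINE]   record a hash per file
#   sh baseline.sh check [DIR] [BASELINE]   report added/modified/removed
# Added example; not from the forum thread.

# Hash every regular file under DIR into OUTFILE, one "hash  path" line
# per file, sorted by path so two runs are directly comparable.
make_baseline() {
    find "$1" -type f | sort | while IFS= read -r f; do
        sha256sum "$f"
    done > "$2"
}

# Compare DIR against BASELINE. Prints one line per difference and
# returns 1 when anything changed, so it can run from cron or at boot.
# sha256sum lines are 64 hex chars, two spaces, then the path, so the
# path starts at column 67.
check_baseline() {
    cur=$(mktemp)
    make_baseline "$1" "$cur"
    report=$(awk '
        FILENAME == ARGV[1] { old[substr($0, 67)] = $1; next }
        {
            p = substr($0, 67); seen[p] = 1
            if (!(p in old))        print "ADDED    " p
            else if (old[p] != $1)  print "MODIFIED " p
        }
        END { for (p in old) if (!(p in seen)) print "REMOVED  " p }
    ' "$2" "$cur")
    rm -f "$cur"
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

DIR="${2:-/initrd/pup_rw}"
# Keep the baseline outside the tree it describes, or it hashes itself
# and anyone who can alter the tree can alter the baseline too.
BASE="${3:-/root/pup_rw.sha256}"

case "${1:-}" in
    init)  make_baseline "$DIR" "$BASE" ;;
    check) check_baseline "$DIR" "$BASE" ;;
esac
```

Take the baseline right after a clean boot and before going on-line, then copy it to the CD or to another medium; a baseline that lives on the same writeable save file it is checking is only as trustworthy as that save file. As the following posts point out, this catches changes that reach disk and nothing that stays in memory.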

Right, it's impossible to modify a CD, but:
- A virus can penetrate through network, an infected hard drive/flash drive with some file system or SCSI/IDE driver vulnerability. Maybe even through the optical device driver.
- The virus can stay in memory, without being written to a file you can see in the writeable Aufs layer.
- Maybe the virus is a rootkit that hides files - that's the ultimate win. It lives in the kernel and hides itself.
- Maybe it replaces an existing, legitimate file that is always present in the writeable layer - e.g. /etc/windowmanager with the path to a dummy window manager contained in a naive-looking, binary log file that runs JWM and some evil code.
- Overburn?

In short, you can never know. Thinking like a hacker means always being at least two steps ahead of the victim.

There is always a way to penetrate a system - sometimes it's because of the human stupidity and sometimes it's the hacker's technical skills. No matter what it is in this case, the bottom line is: it's impossible to be secure in the digital world.

The argument that your read-only CD cannot be altered ignores what may be happening *while you are running*. A rootkit or other malware doesn't need to live on a disk in order to work. Sure, if you are only on-line for a few minutes and then shut down your system then you are at less risk. But many people boot their system and then leave it running for a long time. They are just as vulnerable as anyone can be.


Posted: Sat 07 Apr 2012, 19:38

Considerations of Attitude

I think many of the theoreticals introduced in this section are not strictly theoreticals, they could really happen.

Just yesterday, a script I run daily changed. It lost one character and this caused a malfunction in almost all the script. Say what! How?

It just doesn't seem practical for me to cover myself for almost all scenarios. Worse yet, it doesn't seem practical for me to cover myself for all scenarios in the real world, where damages can be much worse, such things as injuries, financial disasters, loss of loved ones.

Also, fear, (too much of it), at a minimum, will make a person miserable if he has to live it day in and day out.

I don't want to be fearful. Frankly, I want to enjoy my computing.

I could reduce many, many risks simply by not connecting to the Internet. But that would take away much of the joy of computing. I think I'd rather have risks associated with Internet usage, than not have the Internet.

I propose something like this: Reduce risks by being informed and taking smart minded precautions. With the knowledge that there are still risks, then enjoy your computing.

Take a personal inventory of one's greater concerns or fears. In other words things he really doesn't want to be a victim of and try and cover himself for those scenarios.

For example: What I hate the most is losing irreplaceable data. The basic solution for that is, for me, making backups of files on a separate storage device.

Concluding

We can never be 100% safe. Even if I take every precaution, it may not be enough; someone could still swipe my computer. Do I want to install it in an air-conditioned safe? I suppose I would like to, but I don't have the kind of money to justify the expense.

I don't like taking losses. I don't like the emotion of fear or over concern having much of a role in my life.

I'll endorse that. There has to be a balance; one's computer security is important, but, as you said, not to the point of killing the enjoyment of using a computer.

Beyond that balance point, it becomes paranoia. Reminds me of the tale of the old miser who didn't trust banks: he had put double locks on his doors and windows, and had sensors recording at every angle for fear that whatever cash he had stored in a lead drawer underneath the floor would be stolen. He also had a shotgun, of course. One evening, he inadvertently shot his son who came in late because he thought he was an intruder... The son had had one beer too many, had forgotten the security code and was simply knocking at the door instead...

Sure it's a tale. But transpose it to the computer situation, and paranoia may lead you to do yourself more harm than good.
